diff options
| -rw-r--r-- | sys/hardware/yubico.nix | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/hardware/yubico.nix b/sys/hardware/yubico.nix index 1c77675..ba820e1 100644 --- a/sys/hardware/yubico.nix +++ b/sys/hardware/yubico.nix @@ -30,13 +30,17 @@ in { module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so ''; + local.boot.impermanence.files = [ + "/etc/pam_u2f_keys" + ]; + security.pam = mkIf cfg.pamAuth { u2f = { enable = true; control = "sufficient"; settings = { - authfile = "/var/trust/pam_u2f_keys"; + authfile = "/etc/pam_u2f_keys"; cue = true; pinverification = 1; userpresence = 0; |